Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems - - PowerPoint PPT Presentation

Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems

Andr´ e Platzer

Logical Systems Lab Carnegie Mellon University, Pittsburgh, PA

0.2 0.4 0.6 0.8 1.0

0.1 0.2 0.3 0.4 0.5

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 1 / 22

Outline

1

Motivation

2

Stochastic Differential Dynamic Logic SdL Design Stochastic Differential Equations Syntax Semantics Well-definedness

3

Stochastic Differential Dynamic Logic Syntax Semantics Well-definedness

4

Proof Calculus for Stochastic Hybrid Systems Compositional Proof Calculus Soundness

5

Conclusions

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 1 / 22

Cyber-Physical Systems:

Q: I want to verify trains

Challenge

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 2 / 22

Cyber-Physical Systems: Hybrid Systems

Q: I want to verify trains A: Hybrid systems

Challenge (Hybrid Systems)

Continuous dynamics (differential equations) Discrete dynamics (control decisions)

1 2 3 4 t 2 1 1 2 a 1 2 3 4 t 0.5 1.0 1.5 2.0 2.5 3.0 v 1 2 3 4 t 1 2 3 4 5 6 z

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 2 / 22

Cyber-Physical Systems: Hybrid Systems

Q: I want to verify trains A: Hybrid systems Q: But there’s uncertainties!

Challenge (Hybrid Systems)

Continuous dynamics (differential equations) Discrete dynamics (control decisions)

1 2 3 4 t 2 1 1 2 a 1 2 3 4 t 0.5 1.0 1.5 2.0 2.5 3.0 v 1 2 3 4 t 1 2 3 4 5 6 z

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 2 / 22

Cyber-Physical Systems:

Q: I want to verify uncertain trains

Challenge

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 3 / 22

Cyber-Physical Systems: Probabilistic Systems

Q: I want to verify uncertain trains A: Markov chains

Challenge (Probabilistic Systems)

Directed graph (Countable state space) Weighted edges (Transition probabilities)

0.3 0.7 0.3 0.3 0.5 0.5 0.9 0.1 0.4 0.4 1.0 0.7 0.3 0.5 0.8 0.2 1.0 1.0 0.1

1.0 0.3 0.2 0.5 0.3 0.7

0.4 0.3 0.8 1.0 0.4 1.0 0.6 0.5 1.0 0.5 1.0 1.0 0.2 1.0 0.3

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 3 / 22

Cyber-Physical Systems: Probabilistic Systems

Q: I want to verify uncertain trains A: Markov chains Q: But trains move!

Challenge (Probabilistic Systems)

Directed graph (Countable state space) Weighted edges (Transition probabilities)

0.3 0.7 0.3 0.3 0.5 0.5 0.9 0.1 0.4 0.4 1.0 0.7 0.3 0.5 0.8 0.2 1.0 1.0 0.1

1.0 0.3 0.2 0.5 0.3 0.7

0.4 0.3 0.8 1.0 0.4 1.0 0.6 0.5 1.0 0.5 1.0 1.0 0.2 1.0 0.3

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 3 / 22

Cyber-Physical Systems:

Q: I want to verify uncertain trains

Challenge

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 4 / 22

Cyber-Physical Systems: Stochastic Hybrid Systems

Q: I want to verify uncertain trains A: Stochastic hybrid systems

Challenge (Stochastic Hybrid Systems)

Continuous dynamics (differential equations) Discrete dynamics (control decisions) Stochastic dynamics (uncertainty)

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 4 / 22

Cyber-Physical Systems: Stochastic Hybrid Systems

Q: I want to verify uncertain trains A: Stochastic hybrid systems

Challenge (Stochastic Hybrid Systems)

Continuous dynamics (differential equations) Discrete dynamics (control decisions) Stochastic dynamics (uncertainty) Discrete stochastic (lossy communication) Continuous stochastic (wind, track)

z v m

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 4 / 22

Cyber-Physical Systems: Stochastic Hybrid Systems

Q: I want to verify uncertain trains A: Stochastic hybrid systems Q: How?

Challenge (Stochastic Hybrid Systems)

Continuous dynamics (differential equations) Discrete dynamics (control decisions) Stochastic dynamics (uncertainty) Discrete stochastic (lossy communication) Continuous stochastic (wind, track)

z v m

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 4 / 22

Contributions

1 System model and semantics for stochastic hybrid systems: SHP 2 Prove semantic processes are adapted and a.s. c`

adl` ag

3 Prove natural process stopping times are Markov times 4 Specification and verification logic: SdL 5 Prove measurability of SdL semantics ⇒ probabilities well-defined 6 Proof rules for SdL 7 Sound Dynkin use of infinitesimal generators of SDEs 8 First compositional verification for stochastic hybrid systems 9 Logical foundation for analysis of stochastic hybrid systems Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 5 / 22

Outline

1

Motivation

2

Stochastic Differential Dynamic Logic SdL Design Stochastic Differential Equations Syntax Semantics Well-definedness

3

Stochastic Differential Dynamic Logic Syntax Semantics Well-definedness

4

Proof Calculus for Stochastic Hybrid Systems Compositional Proof Calculus Soundness

5

Conclusions

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 5 / 22

Outline (Conceptual Approach)

1

Motivation

2

Stochastic Differential Dynamic Logic SdL Design Stochastic Differential Equations Syntax Semantics Well-definedness

3

Stochastic Differential Dynamic Logic Syntax Semantics Well-definedness

4

Proof Calculus for Stochastic Hybrid Systems Compositional Proof Calculus Soundness

5

Conclusions

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 5 / 22

Model for Stochastic Hybrid Systems

d i s c r e t e

a := −b

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 6 / 22

Model for Stochastic Hybrid Systems

d i s c r e t e c

• n

t i n u

• u

s

a := −b

d2x dt2 = a

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 6 / 22

Model for Stochastic Hybrid Systems

d i s c r e t e c

• n

t i n u

• u

s s t

• c

h a s t i c

a := −b

d2x dt2 = a 1 3a := −b ⊕ 2 3a := a + 1

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 6 / 22

Model for Stochastic Hybrid Systems

d i s c r e t e c

• n

t i n u

• u

s s t

• c

h a s t i c

a := −b

d2x dt2 = a 1 3a := −b ⊕ 2 3a := a + 1

a := −b; d2x

dt2 = a

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 6 / 22

Model for Stochastic Hybrid Systems

d i s c r e t e c

• n

t i n u

• u

s s t

• c

h a s t i c

a := −b

d2x dt2 = a 1 3a := −b ⊕ 2 3a := a + 1

a := −b; d2x

dt2 = a

a := ∗

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 6 / 22

Model for Stochastic Hybrid Systems

d i s c r e t e c

• n

t i n u

• u

s s t

• c

h a s t i c

a := −b

d2x dt2 = a 1 3a := −b ⊕ 2 3a := a + 1

a := −b; d2x

dt2 = a

a := ∗ dX = bdt + σdW

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 6 / 22

Model for Stochastic Hybrid Systems

d i s c r e t e c

• n

t i n u

• u

s s t

• c

h a s t i c

a := −b

d2x dt2 = a 1 3a := −b ⊕ 2 3a := a + 1

a := −b; d2x

dt2 = a

a := ∗ dX = bdt + σdW SHS

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 6 / 22

Model for Stochastic Hybrid Systems

Q: How to model stochastic hybrid systems

Model (Stochastic Hybrid Systems)

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 7 / 22

Model for Stochastic Hybrid Systems

Q: How to model stochastic hybrid systems

Model (Stochastic Hybrid Systems)

Discrete dynamics (control decisions) a := −b Continuous dynamics (differential equations) Stochastic dynamics (structural)

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 7 / 22

Model for Stochastic Hybrid Systems

Q: How to model stochastic hybrid systems

Model (Stochastic Hybrid Systems)

Discrete dynamics (control decisions) a := −b Continuous dynamics (differential equations) x′′ = a Stochastic dynamics (structural)

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 7 / 22

Model for Stochastic Hybrid Systems

Q: How to model stochastic hybrid systems

Model (Stochastic Hybrid Systems)

Discrete dynamics (control decisions) a := −b Continuous dynamics (differential equations) x′′ = a Stochastic dynamics (structural)

1 3a := −b ⊕ 2 3a := a + 1

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 7 / 22

Model for Stochastic Hybrid Systems

Q: How to model stochastic hybrid systems

Model (Stochastic Hybrid Systems)

Discrete dynamics (control decisions) a := −b a := ∗ Continuous dynamics (differential equations) x′′ = a Stochastic dynamics (structural)

1 3a := −b ⊕ 2 3a := a + 1

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 7 / 22

Model for Stochastic Hybrid Systems

Q: How to model stochastic hybrid systems

Model (Stochastic Hybrid Systems)

Discrete dynamics (control decisions) a := −b a := ∗ Continuous dynamics (differential equations) x′′ = a dx = adt + σdW Stochastic dynamics (structural)

1 3a := −b ⊕ 2 3a := a + 1

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 7 / 22

Model for Stochastic Hybrid Systems

Q: How to model stochastic hybrid systems A: Stochastic Hybrid Programs

Model (Stochastic Hybrid Systems)

Discrete dynamics (control decisions) a := −b a := ∗ Continuous dynamics (differential equations) x′′ = a dx = adt + σdW Stochastic dynamics (structural)

1 3a := −b ⊕ 2 3a := a + 1

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 7 / 22

Stochastic Differential Equations (SDE)

Definition (Ordinary differential equation (ODE))

dx(t) dt = b(x(t)) x(0) = x0 t x

dx(t) dt

= 1 x0 + t

Definition (It¯

• stochastic differential equation (SDE))

dXt = b(Xt)dt + σ(Xt)dWt X0 = Z

0.2 0.4 0.6 0.8 1.0

• 1

1 2 0.2 0.4 0.6 0.8 1.0 1 1 2

• Andr´

e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 8 / 22

Stochastic Differential Equations (SDE)

Definition (Ordinary differential equation (ODE))

dx(t) dt = b(x(t)) x(0) = x0 t x

dx(t) dt

= 1 x0 + t

Definition (It¯

• stochastic differential equation (SDE))

Xs = Z + s dXt = Z + s b(Xt)dt + s σ(Xt)dWt

0.2 0.4 0.6 0.8 1.0

• 1

1 2 0.2 0.4 0.6 0.8 1.0 1 1 2

• Andr´

e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 8 / 22

Stochastic Differential Equations (SDE)

Definition (Ordinary differential equation (ODE))

dx(t) dt = b(x(t)) x(0) = x0 t x

dx(t) dt

= 1 x0 + t

Definition (It¯

• stochastic differential equation (SDE))

Xs = Z + s dXt = Z + s b(Xt)dt + s σ(Xt)dWt

0.2 0.4 0.6 0.8 1.0

• 1

1 2 0.2 0.4 0.6 0.8 1.0 1 1 2

• Calculus

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 8 / 22

Stochastic Differential Equations (SDE)

Definition (Ordinary differential equation (ODE))

dx(t) dt = b(x(t)) x(0) = x0 t x

dx(t) dt

= 1 x0 + t

Definition (It¯

• stochastic differential equation (SDE))

Xs = Z + s dXt = Z + s b(Xt)dt + s σ(Xt)dWt

0.2 0.4 0.6 0.8 1.0

• 1

1 2 0.2 0.4 0.6 0.8 1.0 1 1 2

• Calculus

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 8 / 22

Brownian Motion is Extremely Complex

Definition (Brownian motion W ⇒ end of calculus)

1 W0 = 0

(start at 0)

2 Wt almost surely continuous 3 Wt − Ws ∼ N(0, t − s)

(independent normal increments) ⇒ a.s. continuous everywhere but nowhere differentiable ⇒ a.s. unbounded variation, ∈ FV, nonmonotonic on every interval

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 9 / 22

Brownian Motion is Extremely Complex

Definition (Brownian motion W ⇒ end of calculus)

1 W0 = 0

(start at 0)

2 Wt almost surely continuous 3 Wt − Ws ∼ N(0, t − s)

(independent normal increments) ⇒ a.s. continuous everywhere but nowhere differentiable ⇒ a.s. unbounded variation, ∈ FV, nonmonotonic on every interval

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 9 / 22

Stochastic Hybrid Programs: Syntax

Definition (Stochastic hybrid program α)

x := θ (assignment)

• jump & test

x := ∗ (random assignment) ?H (conditional execution) dx = bdt + σdW & H (SDE) α; β (seq. composition)

• algebra

λα ⊕ νβ (convex combination) α∗ (nondet. repetition)

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 10 / 22

What is the Semantics of a Stochastic Hybrid Program?

Usual semantics of system is transition relation ⊆ Rd × Rd on states

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 11 / 22

What is the Semantics of a Stochastic Hybrid Program?

Usual semantics of system is transition relation ⊆ Rd × Rd on states This does not work here, because we lose stochastic information Idea: Start at initial value described by random variable Z : Ω → Rd

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 11 / 22

What is the Semantics of a Stochastic Hybrid Program?

Usual semantics of system is transition relation ⊆ Rd × Rd on states This does not work here, because we lose stochastic information Idea: Start at initial value described by random variable Z : Ω → Rd Semantics of program α is stochastic process generator [ [α] ] : (Ω → Rd) → ([0, ∞) × Ω → Rd) giving stochastic process [ [α] ]Z : [0, ∞) × Ω → Rd for each Z

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 11 / 22

What is the Semantics of a Stochastic Hybrid Program?

Usual semantics of system is transition relation ⊆ Rd × Rd on states This does not work here, because we lose stochastic information Idea: Start at initial value described by random variable Z : Ω → Rd Semantics of program α is stochastic process generator [ [α] ] : (Ω → Rd) → ([0, ∞) × Ω → Rd) giving stochastic process [ [α] ]Z : [0, ∞) × Ω → Rd for each Z When does a stochastic process stop? Semantics of program α includes stopping time generator ( |α| ) : (Ω → Rd) → (Ω → R) giving stopping time ( |α| )Z : Ω → R for each Z

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 11 / 22

Stochastic Hybrid Program: Process Semantics

Z Xt [ [xi := θ] ]Z xi . = [ [θ] ]Z

Definition (Stochastic hybrid program α: process semantics )

[ [xi := θ] ]Z = ˆ Y Y (ω)i = [ [θ] ]Z(ω) and Yj = Zj (for j = i) ( |xi := θ| )Z = 0 t x Z Xt if Xti = [ [θ] ]Z and Xtj = Zj for j = i

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 12 / 22

Stochastic Hybrid Program: Process Semantics

Z Xt [ [xi := ∗] ]Z xi ∼ U(0, 1)

Definition (Stochastic hybrid program α: process semantics )

[ [xi := ∗] ]Z = ˆ U Ui ∼ U(0, 1) i.i.d. F0-measurable ( |xi := ∗| )Z = 0 t x Z Xt Xt if Xti ∼ U(0, 1) and Xt(z) = Z(z) for z = x

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 12 / 22

Stochastic Hybrid Program: Process Semantics

Z [ [?H] ]Z

• n {Z |

= H}

Definition (Stochastic hybrid program α: process semantics )

[ [?H] ]Z = ˆ Z

• n the event {Z |

= H} ( |?H| )Z = 0 t x Z no change on {Z | = H}

• therwise not defined

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 12 / 22

Stochastic Hybrid Program: Process Semantics

Z Xt [ [dx = bdt + σdW & H] ]Z

Definition (Stochastic hybrid program α: process semantics )

[ [dx = bdt + σdW & H] ]Z solves dX = [ [b] ]Xdt + [ [σ] ]XdBt, X0 = Z ( |dx = bdt + σdW & H| )Z = inf{t ≥ 0 : Xt ∈ H} t x H Z Xt dx = bdt + σdW & H

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 12 / 22

Stochastic Hybrid Program: Process Semantics

Z Xt Xt [ [α] ]Z [ [β] ]Z [ [λα ⊕ νβ] ]Z

Definition (Stochastic hybrid program α: process semantics )

[ [λα ⊕ νβ] ]Z = IU≤λ[ [α] ]Z + IU>λ[ [β] ]Z =

• [

[α] ]Z

• n event {U ≤ λ}

[ [β] ]Z

• n event {U > λ}

( |λα ⊕ νβ| )Z = IU≤λ( |α| )Z + IU>λ( |β| )Zwith i.i.d. U ∼ U(0, 1), F0-meas t x Z Xt Xt

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 12 / 22

Stochastic Hybrid Program: Process Semantics

Z s Xt [ [α; β] ]Z [ [α] ]Z [ [β] ]Z

Definition (Stochastic hybrid program α: process semantics )

[ [α; β] ]Z

t =

   [ [α] ]Z

t

• n event {t < (

|α| )Z} [ [β] ]

[ [α] ]Z

( |α| )Z

t−( |α| )Z

• n event {t ≥ (

|α| )Z} ( |α; β| )Z = ( |α| )Z + ( |β| )

[ [α] ]Z

( |α| )Z

t x Z s Xt

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 12 / 22

Stochastic Hybrid Program: Process Semantics

Z s1 s2 sn Xt [ [α∗] ]Z [ [α] ]Z [ [α] ]Z [ [α] ]Z

Definition (Stochastic hybrid program α: process semantics )

[ [α∗] ]Z

t = [

[αn] ]Z

t on event {(

|αn| )Z > t} ( |α∗| )Z = lim

n→∞ (

|αn| )Z t x Z Xt

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 12 / 22

Stochastic Hybrid Program: Process Semantics

Z s1 s2 sn Xt [ [α∗] ]Z [ [α] ]Z [ [α] ]Z [ [α] ]Z

Definition (Stochastic hybrid program α: process semantics )

[ [α∗] ]Z

t = [

[αn] ]Z

t on event {(

|αn| )Z > t} ( |α∗| )Z = lim

n→∞ (

|αn| )Z monotone! t x Z Xt

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 12 / 22

Well-definedness of Stochastic Process Semantics

Theorem

1 [

[α] ]Z is a.s. c` adl` ag and adapted (to completed filtration (Ft) generated by Z, (Ws)s≤t, U)

2 (

|α| )Z is a Markov time / stopping time (i.e., {( |α| )Z ≤ t} ∈ Ft) ⇒ End value [ [α] ]Z

( |α| )Z is F( |α| )Z -measurable.

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 13 / 22

Outline

1

Motivation

2

Stochastic Differential Dynamic Logic SdL Design Stochastic Differential Equations Syntax Semantics Well-definedness

3

Stochastic Differential Dynamic Logic Syntax Semantics Well-definedness

4

Proof Calculus for Stochastic Hybrid Systems Compositional Proof Calculus Soundness

5

Conclusions

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 13 / 22

Stochastic Differential Dynamic Logic SdL: Syntax

Definition (SdL term f )

F (primitive measurable function, e.g., characteristic IA) λf + νg (linear term) Bf (scalar term for boolean term B) αf (reachable)

Definition (SdL formula φ)

φ ::= f ≤ g | f = g

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 14 / 22

What is the Semantics of SdL?

Semantics of classical logics maps interpretations to truth-values.

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 15 / 22

What is the Semantics of SdL?

Semantics of classical logics maps interpretations to truth-values. This does not work for SdL, because state evolution of α in αf is stochastic.

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 15 / 22

What is the Semantics of SdL?

Semantics of classical logics maps interpretations to truth-values. This does not work for SdL, because state evolution of α in αf is stochastic. Semantics of SdL is stochastic. Semantics of SdL is a random variable generator [ [f ] ] : (Ω → Rd) → (Ω → R) giving a random variable [ [f ] ]Z : Ω → R for each initial state random variable Z

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 15 / 22

Stochastic Differential Dynamic Logic SdL: Semantics

Definition (Measurable semantics)

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 16 / 22

Stochastic Differential Dynamic Logic SdL: Semantics

Definition (Measurable semantics)

[ [F] ]Z = F ℓ(Z) i.e., [ [F] ]Z(ω) = F ℓ(Z(ω))

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 16 / 22

Stochastic Differential Dynamic Logic SdL: Semantics

Definition (Measurable semantics)

[ [F] ]Z = F ℓ(Z) i.e., [ [F] ]Z(ω) = F ℓ(Z(ω)) [ [λf + νg] ]Z = λ[ [f ] ]Z + ν[ [g] ]Z

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 16 / 22

Stochastic Differential Dynamic Logic SdL: Semantics

Definition (Measurable semantics)

[ [F] ]Z = F ℓ(Z) i.e., [ [F] ]Z(ω) = F ℓ(Z(ω)) [ [λf + νg] ]Z = λ[ [f ] ]Z + ν[ [g] ]Z [ [Bf ] ]Z = [ [B] ]Z ∗ [ [f ] ]Z i.e., [ [Bf ] ]Z(ω) = [ [B] ]Z(ω)[ [f ] ]Z(ω)

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 16 / 22

Stochastic Differential Dynamic Logic SdL: Semantics

Definition (Measurable semantics)

[ [F] ]Z = F ℓ(Z) i.e., [ [F] ]Z(ω) = F ℓ(Z(ω)) [ [λf + νg] ]Z = λ[ [f ] ]Z + ν[ [g] ]Z [ [Bf ] ]Z = [ [B] ]Z ∗ [ [f ] ]Z i.e., [ [Bf ] ]Z(ω) = [ [B] ]Z(ω)[ [f ] ]Z(ω) [ [αf ] ]Z = sup{[ [f ] ][

[α] ]Z

t

: 0 ≤ t ≤ ( |α| )Z}

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 16 / 22

Stochastic Differential Dynamic Logic SdL: Semantics

Definition (Measurable semantics)

[ [F] ]Z = F ℓ(Z) i.e., [ [F] ]Z(ω) = F ℓ(Z(ω)) [ [λf + νg] ]Z = λ[ [f ] ]Z + ν[ [g] ]Z [ [Bf ] ]Z = [ [B] ]Z ∗ [ [f ] ]Z i.e., [ [Bf ] ]Z(ω) = [ [B] ]Z(ω)[ [f ] ]Z(ω) [ [αf ] ]Z = sup{[ [f ] ][

[α] ]Z

t

: 0 ≤ t ≤ ( |α| )Z} t x Z Xt [ [αf ] ]Z

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 16 / 22

Well-definedness of SdL Semantics

Theorem (Measurable)

[ [f ] ]Z is a random variable (i.e., measurable) for any random variable Z and SdL term f .

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 17 / 22

Well-definedness of SdL Semantics

Theorem (Measurable)

[ [f ] ]Z is a random variable (i.e., measurable) for any random variable Z and SdL term f .

Corollary (Pushforward measure well-defined for Borel-measurable S)

S → P(([ [f ] ]Z)−1(S)) = P({ω ∈ Ω : [ [f ] ]Z(ω) ∈ S}) = P([ [f ] ]Z ∈ S)

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 17 / 22

Outline (Verification Approach)

1

Motivation

2

Stochastic Differential Dynamic Logic SdL Design Stochastic Differential Equations Syntax Semantics Well-definedness

3

Stochastic Differential Dynamic Logic Syntax Semantics Well-definedness

4

Proof Calculus for Stochastic Hybrid Systems Compositional Proof Calculus Soundness

5

Conclusions

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 17 / 22

Proof Calculus for Stochastic Differential Dynamic Logic

xi := θf = f θ

xi

Xt Xt f θ

xi

[ [xi := θ] ]Xt xi . = [ [θ] ]Xt

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 18 / 22

Proof Calculus for Stochastic Differential Dynamic Logic

xi := θf = f θ

xi

Xt Xt f θ

xi

[ [xi := θ] ]Xt xi . = [ [θ] ]Xt ?Hf = Hf Xt [ [?H] ]Xt

• n {Xt |

= H}

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 18 / 22

Proof Calculus for Stochastic Differential Dynamic Logic

xi := θf = f θ

xi

Xt Xt f θ

xi

[ [xi := θ] ]Xt xi . = [ [θ] ]Xt ?Hf = Hf Xt [ [?H] ]Xt

• n {Xt |

= H} α(λf ) = λαf

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 18 / 22

Proof Calculus for Stochastic Differential Dynamic Logic

xi := θf = f θ

xi

Xt Xt f θ

xi

[ [xi := θ] ]Xt xi . = [ [θ] ]Xt ?Hf = Hf Xt [ [?H] ]Xt

• n {Xt |

= H} α(λf ) = λαf α(λf +νg) ≤ λαf +ναg

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 18 / 22

Proof Calculus for Stochastic Differential Dynamic Logic

xi := θf = f θ

xi

Xt Xt f θ

xi

[ [xi := θ] ]Xt xi . = [ [θ] ]Xt ?Hf = Hf Xt [ [?H] ]Xt

• n {Xt |

= H} α(λf ) = λαf α(λf +νg) ≤ λαf +ναg f ≤ g αf ≤ αg

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 18 / 22

Proof Calculus for Stochastic Differential Dynamic Logic

α; βf ≤ α(f ⊔ βf ) f ≤ βf α; βf ≤ αβf Xt s Xt [ [α; β] ]Xt [ [α] ]Xt [ [β] ]Xt

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 19 / 22

Proof Calculus for Stochastic Differential Dynamic Logic

α; βf ≤ α(f ⊔ βf ) f ≤ βf α; βf ≤ αβf Xt s Xt [ [α; β] ]Xt [ [α] ]Xt [ [β] ]Xt αf ≤ f α∗f ≤ f Xt s1 s2 sn Xt [ [α∗] ]Xt [ [α] ]Xt [ [α] ]Xt [ [α] ]Xt

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 19 / 22

Proof Calculus for Stochastic Differential Dynamic Logic

α; βf ≤ α(f ⊔ βf ) f ≤ βf α; βf ≤ αβf Xt s Xt [ [α; β] ]Xt [ [α] ]Xt [ [β] ]Xt αf ≤ f α∗f ≤ f Xt s1 s2 sn Xt [ [α∗] ]Xt [ [α] ]Xt [ [α] ]Xt [ [α] ]Xt P(λα ⊕ νβf ∈ S) = λP(αf ∈ S) + νP(βf ∈ S) Xt Xt Xt [ [α] ]Xt [ [β] ]Xt [ [λα ⊕ νβ] ]Xt

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 19 / 22

Soundness

Theorem (SdL calculus is sound)

1 Rules are globally sound pathwise, i.e., fi ≤ gi f ≤ g holds for each

initial Z pathwise for each ω ∈ Ω

2 ⊕ is sound in distribution Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 20 / 22

Soundness

Theorem (SdL calculus is sound)

1 Rules are globally sound pathwise, i.e., fi ≤ gi f ≤ g holds for each

initial Z pathwise for each ω ∈ Ω

2 ⊕ is sound in distribution

Theorem (Soundness for SDE)

Let λ > 0, f ∈ C 2

C(Rd, R) compact support on H (e.g., H bounded)

α(H → f ) ≤ λp H→f ≥ 0 H→Lf ≤ 0 P(αdx = bdt + σdW & Hf ≥ λ) ≤ p sound

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 20 / 22

Soundness

Theorem (Soundness for SDE)

Let λ > 0, f ∈ C 2

C(Rd, R) compact support on H (e.g., H bounded)

α(H → f ) ≤ λp H→f ≥ 0 H→Lf ≤ 0 P(αdx = bdt + σdW & Hf ≥ λ) ≤ p sound

Theorem (Dynkin for c` adl` ag strong Markov Xt and f ∈ C 2

C(Rd, R))

Af (x) := lim

tց0

E xf (Xt) − f (x) t

E xτ<∞

⇒ E xf (Xτ) = f (x)+E x τ Af (Xs)ds

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 20 / 22

Soundness

Theorem (Soundness for SDE)

Let λ > 0, f ∈ C 2

C(Rd, R) compact support on H (e.g., H bounded)

α(H → f ) ≤ λp H→f ≥ 0 H→Lf ≤ 0 P(αdx = bdt + σdW & Hf ≥ λ) ≤ p sound

Theorem (Dynkin for c` adl` ag strong Markov Xt and f ∈ C 2

C(Rd, R))

Af (x) := lim

tց0

E xf (Xt) − f (x) t

E xτ<∞

⇒ E xf (Xτ) = f (x)+E x τ Af (Xs)ds

Theorem (Differential generator for SDE solution and f ∈ C 2

C(Rd, R))

Af = Lf := b∇f + σσT 2 ∇∇f

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 20 / 22

Soundness

Theorem (Soundness for SDE)

Let λ > 0, f ∈ C 2

C(Rd, R) compact support on H (e.g., H bounded)

α(H → f ) ≤ λp H→f ≥ 0 H→Lf ≤ 0 P(αdx = bdt + σdW & Hf ≥ λ) ≤ p sound

Theorem (Dynkin for c` adl` ag strong Markov Xt and f ∈ C 2

C(Rd, R))

Af (x) := lim

tց0

E xf (Xt) − f (x) t

E xτ<∞

⇒ E xf (Xτ) = f (x)+E x τ Af (Xs)ds

Theorem (Differential generator for SDE solution and f ∈ C 2

C(Rd, R))

Af = Lf := b∇f + σσT 2 ∇∇f =

• i

bi ∂f ∂xi + 1 2

• i,j

(σσT)i,j ∂2f ∂xi∂xj

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 20 / 22

Soundness

Theorem (Soundness for SDE)

Let λ > 0, f ∈ C 2

C(Rd, R) compact support on H (e.g., H bounded)

α(H → f ) ≤ λp H→f ≥ 0 H→Lf ≤ 0 P(αdx = bdt + σdW & Hf ≥ λ) ≤ p sound

Theorem (Dynkin for c` adl` ag strong Markov Xt and f ∈ C 2

C(Rd, R))

Af (x) := lim

tց0

E xf (Xt) − f (x) t

E xτ<∞

⇒ E xf (Xτ) = f (x)+E x τ Af (Xs)ds Af (Xs) = Lf (Xs) ≤ 0 on H ⇒ E xf (Xτ) ≤ f (x) for all x, τ ⇒ Px-a.s. E x(f (Xt)|Fs) = E Xsf (Xt−s) ≤ f (Xs) ⇒ Xt supermartingale

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 20 / 22

Soundness

Theorem (Soundness for SDE)

Let λ > 0, f ∈ C 2

C(Rd, R) compact support on H (e.g., H bounded)

α(H → f ) ≤ λp H→f ≥ 0 H→Lf ≤ 0 P(αdx = bdt + σdW & Hf ≥ λ) ≤ p sound

Theorem (Dynkin for c` adl` ag strong Markov Xt and f ∈ C 2

C(Rd, R))

Af (x) := lim

tց0

E xf (Xt) − f (x) t

E xτ<∞

⇒ E xf (Xτ) = f (x)+E x τ Af (Xs)ds

Theorem (Doob maximal martingale ineq., c` adl` ag supermartingale)

∀ f ≥ 0, λ > 0 P

• sup

t≥0

f (Xt) ≥ λ | F0

• ≤ Ef (X0)

λ

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 20 / 22

Soundness

Theorem (Soundness for SDE)

Let λ > 0, f ∈ C 2

C(Rd, R) compact support on H (e.g., H bounded)

α(H → f ) ≤ λp H→f ≥ 0 H→Lf ≤ 0 P(αdx = bdt + σdW & Hf ≥ λ) ≤ p sound

Theorem (Dynkin for c` adl` ag strong Markov Xt and f ∈ C 2

C(Rd, R))

Af (x) := lim

tց0

E xf (Xt) − f (x) t

E xτ<∞

⇒ E xf (Xτ) = f (x)+E x τ Af (Xs)ds

Theorem (Doob maximal martingale ineq., c` adl` ag supermartingale)

∀ f ≥ 0, λ > 0 P

• sup

t≥0

f (Xt) ≥ λ | F0

• ≤ Ef (X0)

λ ≤ λp λ = p

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 20 / 22

Proof Example

α(H → f ) ≤ λp H→f ≥ 0 H→Lf ≤ 0 P(αdx = bdt + σdW & Hf ≥ λ) ≤ p ?x2 + y2 ≤ 1 3(H → f ) =

• H → x2 + y2 ≤ 1

3

• (x2 + y2) ≤ 1 ∗ 1

3 f ≡ x2 + y2 ≥ 0 with H ≡ x2 + y2 < 10 Lf = 1 2

• −x ∂f

∂x − y ∂f ∂y + y2 ∂2f ∂x2 − 2xy ∂2f ∂x∂y + x2 ∂2f ∂y2

• ≤ 0

P(?x2 + y2 ≤ 1 3; dx = −x 2dt − ydW , dy = −y 2dt + xdW & Hx2 + y2 ≥ 1) ≤ (by ;′) P(?x2 + y2 ≤ 1 3dx = −x 2dt − ydW , dy = −y 2dt + xdW & Hx2 + y2 ≥ 1) ≤ 1 3

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 21 / 22

Outline

1

Motivation

2

Stochastic Differential Dynamic Logic SdL Design Stochastic Differential Equations Syntax Semantics Well-definedness

3

Stochastic Differential Dynamic Logic Syntax Semantics Well-definedness

4

Proof Calculus for Stochastic Hybrid Systems Compositional Proof Calculus Soundness

5

Conclusions

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 21 / 22

Conclusions

d i s c r e t e c

• n

t i n u

• u

s s t

• c

h a s t i c stochastic differential dynamic logic

SdL = DLarithmetic + SHP αφ φ Stochastic hybrid systems Compositional system model & semantics Logic for stochastic hybrid systems Well-definedness & measurability Stochastics accessible in logic Compositional proof rules Stochastic calculus & symbolic logic

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 22 / 22

Conclusions

d i s c r e t e c

• n

t i n u

• u

s s t

• c

h a s t i c stochastic differential dynamic logic

SdL = DLarithmetic + SHP αφ φ Stochastic hybrid systems Compositional system model & semantics Logic for stochastic hybrid systems Well-definedness & measurability Stochastics accessible in logic Compositional proof rules Stochastic calculus & symbolic logic

Andr´ e Platzer (CMU) Stochastic Differential Dynamic Logic for Stochastic Hybrid Systems CADE 22 / 22